Segmentation fault. #143

Closed
abrosimov opened this Issue Mar 11, 2012 · 3 comments

2 participants

@abrosimov

Hi. I'm using phpredis in phpDaemon application, and sometimes it crashes with SIGSEGV at redis_check_eof.

Here backtrace:
(gdb) bt
#0 _php_stream_eof (stream=0x0) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/main/streams/streams.c:680
#1 0x00007f576e38f26f in redis_check_eof (redis_sock=0x24f2620) at /root/php_tmp/phpredis/library.c:34
#2 0x00007f576e38f37f in redis_sock_write (redis_sock=0x24f2620, cmd=0x3199fc0 "*1\r\n$4\r\nPING\r\n", sz=14) at /root/php_tmp/phpredis/library.c:1079
#3 0x00007f576e385a68 in zim_Redis_ping (ht=0, return_value=0x373e2d8, return_value_ptr=0x0, this_ptr=0x24e9910, return_value_used=1) at /root/php_tmp/phpredis/redis.c:854
#4 0x00000000006d7cbc in zend_do_fcall_common_helper_SPEC (execute_data=0x7f5774b86608) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_vm_execute.h:320
#5 0x00000000006b01d8 in execute (op_array=0x1e4ac80) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_vm_execute.h:107
#6 0x0000000000681a10 in zend_call_function (fci=0x7fff4dffd980, fci_cache=) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_execute_API.c:968
#7 0x00000000006a13df in zend_call_method (object_pp=0x7fff4dffdaa8, obj_ce=0x1e382d8, fn_proxy=0x1e384b8, function_name=0xb6ba41 "__call", function_name_len=1849286334,
retval_ptr_ptr=, param_count=2, arg1=0x3669b40, arg2=0x48e7428) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_interfaces.c:97
#8 0x00000000006aaee5 in zend_std_call_user_call (ht=, return_value=0x3d52248, return_value_ptr=, this_ptr=0x24d3e28,
return_value_used=) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_object_handlers.c:717
#9 0x00000000006d7cbc in zend_do_fcall_common_helper_SPEC (execute_data=0x7f5774b85a40) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_vm_execute.h:320
#10 0x00000000006b01d8 in execute (op_array=0x1d93fa8) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_vm_execute.h:107
#11 0x0000000000681a10 in zend_call_function (fci=0x7fff4dffdd50, fci_cache=) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_execute_API.c:968
#12 0x00000000005d7f35 in zif_call_user_func_array (ht=, return_value=0x2f07328, return_value_ptr=, this_ptr=,
return_value_used=) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/ext/standard/basic_functions.c:4797
#13 0x00000000006d7cbc in zend_do_fcall_common_helper_SPEC (execute_data=0x7f5774b842d8) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_vm_execute.h:320
#14 0x00000000006b01d8 in execute (op_array=0x37fde00) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_vm_execute.h:107
#15 0x0000000000681a10 in zend_call_function (fci=0x7fff4dffe050, fci_cache=) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_execute_API.c:968
#16 0x0000000000682510 in call_user_function_ex (function_table=, object_pp=, function_name=0xe, retval_ptr_ptr=0x474e4950, param_count=1849286334,
params=0x24f2620, no_separation=1, symbol_table=0x0) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_execute_API.c:758
#17 0x0000000000682562 in call_user_function (function_table=0x1712bb0, object_pp=0x3199fc0, function_name=0xe, retval_ptr=0x7fff4dffe110, param_count=1849286334,
params=) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_execute_API.c:731
#18 0x00007f576f3f03c8 in ?? () from /usr/lib64/php5.3/lib/extensions/no-debug-non-zts-20090626/libevent.so
#19 0x00007f576f1d8c19 in event_base_loop () from /usr/lib64/libevent-1.4.so.2
#20 0x00007f576f3f1b1e in ?? () from /usr/lib64/php5.3/lib/extensions/no-debug-non-zts-20090626/libevent.so
#21 0x00000000006d7cbc in zend_do_fcall_common_helper_SPEC (execute_data=0x7f5774b803d8) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_vm_execute.h:320
#22 0x00000000006b01d8 in execute (op_array=0x1ad4700) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_vm_execute.h:107
#23 0x0000000000681a10 in zend_call_function (fci=0x7fff4dffe4a0, fci_cache=) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_execute_API.c:968
#24 0x00000000005d7c71 in zif_call_user_func (ht=, return_value=0x228c088, return_value_ptr=, this_ptr=,
return_value_used=) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/ext/standard/basic_functions.c:4772
#25 0x00000000006d7cbc in zend_do_fcall_common_helper_SPEC (execute_data=0x7f5774b7eae0) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_vm_execute.h:320
#26 0x00000000006b01d8 in execute (op_array=0x1ac4e38) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_vm_execute.h:107
#27 0x0000000000681a10 in zend_call_function (fci=0x7fff4dffe790, fci_cache=) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_execute_API.c:968
#28 0x0000000000682510 in call_user_function_ex (function_table=, object_pp=, function_name=0xe, retval_ptr_ptr=0x474e4950, param_count=1849286334,
params=0x24f2620, no_separation=1, symbol_table=0x0) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_execute_API.c:758
#29 0x0000000000682562 in call_user_function (function_table=0x1712bb0, object_pp=0x3199fc0, function_name=0xe, retval_ptr=0x7fff4dffe850, param_count=1849286334,
params=) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_execute_API.c:731
#30 0x00007f576f3f02b2 in ?? () from /usr/lib64/php5.3/lib/extensions/no-debug-non-zts-20090626/libevent.so
#31 0x00007f576f1d8c19 in event_base_loop () from /usr/lib64/libevent-1.4.so.2
#32 0x00007f576f3f1b1e in ?? () from /usr/lib64/php5.3/lib/extensions/no-debug-non-zts-20090626/libevent.so
#33 0x00000000006d7cbc in zend_do_fcall_common_helper_SPEC (execute_data=0x7f5774b7e000) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_vm_execute.h:320
#34 0x00000000006b01d8 in execute (op_array=0x1ad4700) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend_vm_execute.h:107
#35 0x000000000068aeba in zend_execute_scripts (type=8, retval=, file_count=3) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/Zend/zend.c:1236
#36 0x0000000000639c60 in php_execute_script (primary_file=) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/main/main.c:2284
#37 0x0000000000715e92 in main (argc=, argv=) at /var/tmp/portage/dev-lang/php-5.3.8/work/php-5.3.8/sapi/cli/php_cli.c:1184
(gdb) up
#1 0x00007f576e38f26f in redis_check_eof (redis_sock=0x24f2620) at /root/php_tmp/phpredis/library.c:34
34 /root/php_tmp/phpredis/library.c: Нет такого файла или каталога.
(gdb) p * redis_sock
$1 = {stream = 0x0, host = 0x24f1a90 "srv1.vk.www.drimmi.com", port = 6370, timeout = 0, failed = 0, status = 0, persistent = 0, watching = 0, persistent_id = 0x0,
serializer = 0, prefix = 0x0, prefix_len = 0, mode = ATOMIC, head = 0x0, current = 0x0, pipeline_head = 0x0, pipeline_current = 0x0}

@nicolasff

Hello,

Could you tell me a bit more about what you were running? phpredis crashed in ping(), but what context was that in? Just a simple PHP script on the command line?

Also, what version of phpredis are you running? I assume this is on Gentoo, but do you pull the github master or a specific tag or commit?

Thanks.

@abrosimov

Sorry for my bad English.
Version: 2.1.3 (phpinfo() output)
installation process: git clone https://github.com/nicolasff/phpredis.git, etc.

phpDaemon that I'm use placed here: https://github.com/kakserpom/phpdaemon

My app use objects pool named RedisMapper (http://pastebin.ca/2126811) which contains ConnectionHandler (http://pastebin.ca/2126812) for object in pool.
Also, I write my wrapper for phpredis, because we doesn't use exceptions (http://pastebin.ca/2126814).

30 minutes ago this bug was repeated for another worker, and last message in logs:
[Sun, 11 Mar 2012 16:57:18.730650 +0400] Error in redis op. Reason: read error on connection. Op: array(2) {
[0]=>
object(Redis)#877 (1) {
["socket"]=>
resource(872) of type (Redis Socket Buffer)
}
[1]=>
string(5) "setNx"
}
After this worker have segfault. Backtrace the same.
And I don't know how i can reproduce this bug.

thanks.

@nicolasff nicolasff added a commit that referenced this issue Mar 11, 2012
@nicolasff nicolasff Make sure stream exists when checking for EOF.
Addressing issue #143.
4cf7677
@nicolasff

I added a check that will avoid this crash. In the worst case, you will now get a connection exception.

@nicolasff nicolasff closed this Mar 11, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment